Analysis

  • max time kernel
    16s
  • max time network
    108s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64
    arch:x86
    image:win10v2004-20231215-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    31/12/2023, 13:45 UTC

General

  • Target

    38875eb035d758d6ed5752975bdd2cd8.pdf

  • Size

    37KB

  • MD5

    38875eb035d758d6ed5752975bdd2cd8

  • SHA1

    d3753c7f67cc76e4987fcf1cf5e7fe982d96bae0

  • SHA256

    99018e28d83e750285117cf851e9215ead49fae1ef79d25d8257301bea9cf327

  • SHA512

    6e6218f591b25ec645c5179301860400b01cc34ec5b66e93dfe8e410da8965124c960ac6ebf1c41736e9582be4ae5e5fe27ed93705bd6bbd392881ad924893c8

  • SSDEEP

    768:qnNd7P8mAYz9shQSyxeUQE2MQkmwzv+r4KfFzj9i3UceD+9Jv:ulYyowFzvfQFzj9Jc8+9Jv

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\38875eb035d758d6ed5752975bdd2cd8.pdf"
    1⤵
    • Checks processor information in registry
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2900
    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2720
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=0D519D169B8C0AA23235CD65076FE3CA --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=0D519D169B8C0AA23235CD65076FE3CA --renderer-client-id=2 --mojo-platform-channel-handle=1760 --allow-no-sandbox-job /prefetch:1
        3⤵
          PID:1900
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=93FF00184AEF1A4E246D4DB9649D3A7F --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
          3⤵
            PID:3520
          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=EC88A20D35C03D4D33D759476B5092FD --mojo-platform-channel-handle=2296 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
            3⤵
              PID:3584
            • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
              "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=91B45FC47BDFA4255247BE79ACEC44AF --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=91B45FC47BDFA4255247BE79ACEC44AF --renderer-client-id=6 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
              3⤵
                PID:5092
              • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1BC7749BCC6BDE22966665248FA7EBEF --mojo-platform-channel-handle=1912 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                3⤵
                  PID:4312
                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=68311784F81AA8F84141B1E727E879FB --mojo-platform-channel-handle=2448 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                  3⤵
                    PID:4496
              • C:\Windows\System32\CompPkgSrv.exe
                C:\Windows\System32\CompPkgSrv.exe -Embedding
                1⤵
                  PID:1308

                Network

                • flag-us
                  DNS
                  g.bing.com
                  Remote address:
                  8.8.8.8:53
                  Request
                  g.bing.com
                  IN A
                  Response
                  g.bing.com
                  IN CNAME
                  g-bing-com.a-0001.a-msedge.net
                  g-bing-com.a-0001.a-msedge.net
                  IN CNAME
                  dual-a-0001.a-msedge.net
                  dual-a-0001.a-msedge.net
                  IN A
                  204.79.197.200
                  dual-a-0001.a-msedge.net
                  IN A
                  13.107.21.200
                • flag-us
                  GET
                  https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b54e45b4c0074ab88568b04ba612348a&localId=w:74019202-808B-909D-A3F8-27A805F8E594&deviceId=6825827065235624&anid=
                  Remote address:
                  204.79.197.200:443
                  Request
                  GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b54e45b4c0074ab88568b04ba612348a&localId=w:74019202-808B-909D-A3F8-27A805F8E594&deviceId=6825827065235624&anid= HTTP/2.0
                  host: g.bing.com
                  accept-encoding: gzip, deflate
                  user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                  Response
                  HTTP/2.0 204
                  cache-control: no-cache, must-revalidate
                  pragma: no-cache
                  expires: Fri, 01 Jan 1990 00:00:00 GMT
                  set-cookie: MUID=230F0B9E5C51633C2F1318635DB1627D; domain=.bing.com; expires=Wed, 29-Jan-2025 09:54:52 GMT; path=/; SameSite=None; Secure; Priority=High;
                  strict-transport-security: max-age=31536000; includeSubDomains; preload
                  access-control-allow-origin: *
                  x-cache: CONFIG_NOCACHE
                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  x-msedge-ref: Ref A: 333AA8591DBC4448841E092EAC775988 Ref B: LON04EDGE1208 Ref C: 2024-01-05T09:54:52Z
                  date: Fri, 05 Jan 2024 09:54:51 GMT
                • flag-us
                  GET
                  https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=b54e45b4c0074ab88568b04ba612348a&localId=w:74019202-808B-909D-A3F8-27A805F8E594&deviceId=6825827065235624&anid=
                  Remote address:
                  204.79.197.200:443
                  Request
                  GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=b54e45b4c0074ab88568b04ba612348a&localId=w:74019202-808B-909D-A3F8-27A805F8E594&deviceId=6825827065235624&anid= HTTP/2.0
                  host: g.bing.com
                  accept-encoding: gzip, deflate
                  user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                  cookie: MUID=230F0B9E5C51633C2F1318635DB1627D
                  Response
                  HTTP/2.0 204
                  cache-control: no-cache, must-revalidate
                  pragma: no-cache
                  expires: Fri, 01 Jan 1990 00:00:00 GMT
                  set-cookie: MSPTC=ybUmIvbJ9biBjN1Qx4x6TIKXL0nysz2h3_uOWmTI7Fo; domain=.bing.com; expires=Wed, 29-Jan-2025 09:54:52 GMT; path=/; Partitioned; secure; SameSite=None
                  strict-transport-security: max-age=31536000; includeSubDomains; preload
                  access-control-allow-origin: *
                  x-cache: CONFIG_NOCACHE
                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  x-msedge-ref: Ref A: 538F709683CF48E18CEF8DD2F223F9D7 Ref B: LON04EDGE1208 Ref C: 2024-01-05T09:54:52Z
                  date: Fri, 05 Jan 2024 09:54:51 GMT
                • flag-us
                  GET
                  https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b54e45b4c0074ab88568b04ba612348a&localId=w:74019202-808B-909D-A3F8-27A805F8E594&deviceId=6825827065235624&anid=
                  Remote address:
                  204.79.197.200:443
                  Request
                  GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b54e45b4c0074ab88568b04ba612348a&localId=w:74019202-808B-909D-A3F8-27A805F8E594&deviceId=6825827065235624&anid= HTTP/2.0
                  host: g.bing.com
                  accept-encoding: gzip, deflate
                  user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                  cookie: MUID=230F0B9E5C51633C2F1318635DB1627D; MSPTC=ybUmIvbJ9biBjN1Qx4x6TIKXL0nysz2h3_uOWmTI7Fo
                  Response
                  HTTP/2.0 204
                  cache-control: no-cache, must-revalidate
                  pragma: no-cache
                  expires: Fri, 01 Jan 1990 00:00:00 GMT
                  strict-transport-security: max-age=31536000; includeSubDomains; preload
                  access-control-allow-origin: *
                  x-cache: CONFIG_NOCACHE
                  accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                  x-msedge-ref: Ref A: 07F964D160534997A02519B4FA877A7E Ref B: LON04EDGE1208 Ref C: 2024-01-05T09:54:52Z
                  date: Fri, 05 Jan 2024 09:54:51 GMT
                • flag-us
                  DNS
                  158.240.127.40.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  158.240.127.40.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  173.178.17.96.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  173.178.17.96.in-addr.arpa
                  IN PTR
                  Response
                  173.178.17.96.in-addr.arpa
                  IN PTR
                  a96-17-178-173.deploy.static.akamaitechnologies.com
                • flag-us
                  DNS
                  22.160.190.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  22.160.190.20.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  146.78.124.51.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  146.78.124.51.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  135.240.123.92.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  135.240.123.92.in-addr.arpa
                  IN PTR
                  Response
                  135.240.123.92.in-addr.arpa
                  IN PTR
                  a92-123-240-135.deploy.static.akamaitechnologies.com
                • flag-us
                  DNS
                  135.240.123.92.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  135.240.123.92.in-addr.arpa
                  IN PTR
                • flag-us
                  DNS
                  135.240.123.92.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  135.240.123.92.in-addr.arpa
                  IN PTR
                • flag-us
                  DNS
                  17.134.221.88.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  17.134.221.88.in-addr.arpa
                  IN PTR
                  Response
                  17.134.221.88.in-addr.arpa
                  IN PTR
                  a88-221-134-17.deploy.static.akamaitechnologies.com
                • flag-us
                  DNS
                  2.136.104.51.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  2.136.104.51.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  114.110.16.96.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  114.110.16.96.in-addr.arpa
                  IN PTR
                  Response
                  114.110.16.96.in-addr.arpa
                  IN PTR
                  a96-16-110-114.deploy.static.akamaitechnologies.com
                • flag-us
                  DNS
                  103.169.127.40.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  103.169.127.40.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  56.126.166.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  56.126.166.20.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  217.135.221.88.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  217.135.221.88.in-addr.arpa
                  IN PTR
                  Response
                  217.135.221.88.in-addr.arpa
                  IN PTR
                  a88-221-135-217.deploy.static.akamaitechnologies.com
                • flag-us
                  DNS
                  175.178.17.96.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  175.178.17.96.in-addr.arpa
                  IN PTR
                  Response
                  175.178.17.96.in-addr.arpa
                  IN PTR
                  a96-17-178-175.deploy.static.akamaitechnologies.com
                • flag-us
                  DNS
                  205.47.74.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  205.47.74.20.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  21.236.111.52.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  21.236.111.52.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  26.35.223.20.in-addr.arpa
                  Remote address:
                  8.8.8.8:53
                  Request
                  26.35.223.20.in-addr.arpa
                  IN PTR
                  Response
                • flag-us
                  DNS
                  tse1.mm.bing.net
                  Remote address:
                  8.8.8.8:53
                  Request
                  tse1.mm.bing.net
                  IN A
                  Response
                  tse1.mm.bing.net
                  IN CNAME
                  mm-mm.bing.net.trafficmanager.net
                  mm-mm.bing.net.trafficmanager.net
                  IN CNAME
                  dual-a-0001.a-msedge.net
                  dual-a-0001.a-msedge.net
                  IN A
                  204.79.197.200
                  dual-a-0001.a-msedge.net
                  IN A
                  13.107.21.200
                • 204.79.197.200:443
                  https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b54e45b4c0074ab88568b04ba612348a&localId=w:74019202-808B-909D-A3F8-27A805F8E594&deviceId=6825827065235624&anid=
                  tls, http2
                  2.2kB
                  9.3kB
                  21
                  15

                  HTTP Request

                  GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b54e45b4c0074ab88568b04ba612348a&localId=w:74019202-808B-909D-A3F8-27A805F8E594&deviceId=6825827065235624&anid=

                  HTTP Response

                  204

                  HTTP Request

                  GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=b54e45b4c0074ab88568b04ba612348a&localId=w:74019202-808B-909D-A3F8-27A805F8E594&deviceId=6825827065235624&anid=

                  HTTP Response

                  204

                  HTTP Request

                  GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=b54e45b4c0074ab88568b04ba612348a&localId=w:74019202-808B-909D-A3F8-27A805F8E594&deviceId=6825827065235624&anid=

                  HTTP Response

                  204
                • 204.79.197.200:443
                  tse1.mm.bing.net
                  tls
                  443 B
                  100 B
                  5
                  2
                • 204.79.197.200:443
                  tse1.mm.bing.net
                  tls
                  38.4kB
                  995.8kB
                  735
                  727
                • 204.79.197.200:443
                  tse1.mm.bing.net
                  tls
                  1.2kB
                  8.2kB
                  16
                  13
                • 204.79.197.200:443
                  tse1.mm.bing.net
                  tls
                  443 B
                  100 B
                  5
                  2
                • 204.79.197.200:443
                  tse1.mm.bing.net
                  tls
                  1.6kB
                  8.6kB
                  18
                  11
                • 8.8.8.8:53
                  g.bing.com
                  dns
                  56 B
                  158 B
                  1
                  1

                  DNS Request

                  g.bing.com

                  DNS Response

                  204.79.197.200
                  13.107.21.200

                • 8.8.8.8:53
                  158.240.127.40.in-addr.arpa
                  dns
                  73 B
                  147 B
                  1
                  1

                  DNS Request

                  158.240.127.40.in-addr.arpa

                • 8.8.8.8:53
                  173.178.17.96.in-addr.arpa
                  dns
                  72 B
                  137 B
                  1
                  1

                  DNS Request

                  173.178.17.96.in-addr.arpa

                • 8.8.8.8:53
                  22.160.190.20.in-addr.arpa
                  dns
                  72 B
                  158 B
                  1
                  1

                  DNS Request

                  22.160.190.20.in-addr.arpa

                • 8.8.8.8:53
                  146.78.124.51.in-addr.arpa
                  dns
                  72 B
                  158 B
                  1
                  1

                  DNS Request

                  146.78.124.51.in-addr.arpa

                • 8.8.8.8:53
                  135.240.123.92.in-addr.arpa
                  dns
                  219 B
                  139 B
                  3
                  1

                  DNS Request

                  135.240.123.92.in-addr.arpa

                  DNS Request

                  135.240.123.92.in-addr.arpa

                  DNS Request

                  135.240.123.92.in-addr.arpa

                • 8.8.8.8:53
                  17.134.221.88.in-addr.arpa
                  dns
                  72 B
                  137 B
                  1
                  1

                  DNS Request

                  17.134.221.88.in-addr.arpa

                • 8.8.8.8:53
                  2.136.104.51.in-addr.arpa
                  dns
                  71 B
                  157 B
                  1
                  1

                  DNS Request

                  2.136.104.51.in-addr.arpa

                • 8.8.8.8:53
                  114.110.16.96.in-addr.arpa
                  dns
                  72 B
                  137 B
                  1
                  1

                  DNS Request

                  114.110.16.96.in-addr.arpa

                • 8.8.8.8:53
                  103.169.127.40.in-addr.arpa
                  dns
                  73 B
                  147 B
                  1
                  1

                  DNS Request

                  103.169.127.40.in-addr.arpa

                • 8.8.8.8:53
                  56.126.166.20.in-addr.arpa
                  dns
                  72 B
                  158 B
                  1
                  1

                  DNS Request

                  56.126.166.20.in-addr.arpa

                • 8.8.8.8:53
                  217.135.221.88.in-addr.arpa
                  dns
                  73 B
                  139 B
                  1
                  1

                  DNS Request

                  217.135.221.88.in-addr.arpa

                • 8.8.8.8:53
                  175.178.17.96.in-addr.arpa
                  dns
                  72 B
                  137 B
                  1
                  1

                  DNS Request

                  175.178.17.96.in-addr.arpa

                • 8.8.8.8:53
                  205.47.74.20.in-addr.arpa
                  dns
                  71 B
                  157 B
                  1
                  1

                  DNS Request

                  205.47.74.20.in-addr.arpa

                • 8.8.8.8:53
                  21.236.111.52.in-addr.arpa
                  dns
                  72 B
                  158 B
                  1
                  1

                  DNS Request

                  21.236.111.52.in-addr.arpa

                • 8.8.8.8:53
                  26.35.223.20.in-addr.arpa
                  dns
                  71 B
                  157 B
                  1
                  1

                  DNS Request

                  26.35.223.20.in-addr.arpa

                • 8.8.8.8:53
                  tse1.mm.bing.net
                  dns
                  62 B
                  173 B
                  1
                  1

                  DNS Request

                  tse1.mm.bing.net

                  DNS Response

                  204.79.197.200
                  13.107.21.200

                MITRE ATT&CK Enterprise v15

                Downloads

                • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                  Filesize

                  64KB

                  MD5

                  4715c56c78889da49c5a8b392a4a206b

                  SHA1

                  3cfbd34e69ea97a756a8d341bafefcde52e1755d

                  SHA256

                  b8a75d0b3c992b5df2d0f2b1e6f0b04c5b3f504803886390dd45a1a32e7a8f9c

                  SHA512

                  11b4e6ce5b55e3f416d54797f8c46d4b5e12ff498f51e19d47fa6e98eb524b4312304d59da0b116030d19c2b2d773ec2d776f059fd96999f68b4ed49aa7faf5b

                • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                  Filesize

                  56KB

                  MD5

                  c26ed30e7d5ab440480838636efc41db

                  SHA1

                  c66e0d00b56abebfb60d2fcc5cf85ad31a0d6591

                  SHA256

                  6a3c5c4a8e57f77ecc22078fbf603ecc31fb82d429bd87b7b4b9261447092aef

                  SHA512

                  96cdb78bca3e01d4513c31661987e5646e6a8ff24708918aa0d66dfa3ca5d98af4862c9f38c4f41f933c345d2d3adfb1d34d1430b33f45f916f41a9872a030df

                • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                  Filesize

                  1KB

                  MD5

                  d0df5f9974138501424cb06472477adf

                  SHA1

                  9d143e2c9c48327c6fa0b4f2fb65be982037db51

                  SHA256

                  6c3615c908cb98afc062e70b7f985bf7b667fd8540a25824aa07a14b6b6a05d6

                  SHA512

                  9a7d8b47a8311e00ba206fee9bf0d42991a0caaf43492ea067bb6c9eb333a3231a35bae1efcd95add82d6dbfcfef5e10d42c084b9e73c5fdd7eadf8131324617
